Equifax, one of the three major U.S. credit bureaus, stores the social security numbers, birthdates, addresses, driver’s license numbers, and credit histories of most Americans. The recent data breach at Equifax potentially impacts as many as 143 million of us (more than half the U.S. adult population) by jeopardizing our sensitive personal information. Equifax discovered on July 29, 2017 that the “unauthorized access” had occurred; however, it did not disclose the hack to the public until more than a month later. The hackers apparently also gained access to credit card numbers belonging to 209,000 consumers.
Equifax is facing plenty of criticism surrounding the hack. It appears to have been aware of a software security patch that may have prevented the breach, but chose not to implement it. Furthermore, three of its executives unloaded nearly two million dollars worth of their shares in Equifax stock within days of discovering the security breach. Lawmakers are calling for an insider trading investigation by the Securities and Exchange Commission and the Department of Justice. This isn’t the first time that Equifax has been in trouble with respect to its handling of consumer information. In 2013, Equifax settled charges brought by the Federal Trade Commission and forfeited money it had made by allegedly improperly selling information about millions of Americans who were late on their mortgages. Presumably, the Federal Trade Commission will take this recent event very seriously and conduct a thorough investigation.
But enough about Equifax’s problems, how much of a headache is this going to be for you personally? We don’t know the identity of the hackers or their motives. Apparently, there is no evidence thus far of the hacked information being dumped in one place. The worst case scenario is having your personal information sold to cyber thieves via online black markets. These data thieves can use the information to open credit cards, lines of credit, and bank accounts, leaving you to deal with creditors and collectors after they’ve racked up charges in your name. Identity theft isn’t limited to using your identity to incur debt; it can also lead to driver’s licenses in your name that saddle you with traffic citations, tax refunds garnered by filing bogus returns under your name and social security number, taking your social security check, and obtaining prescription medication in your name that shows up on your medical record.
So, what can you do to prevent these horrors from happening? Sadly, some of them simply aren’t preventable and must be dealt with after the fact. It is possible to protect your credit to some degree by taking the following steps. First, pull your credit report and check it for accuracy as well as any trade lines that may have recently been opened (you’re entitled to a free credit report every 12 months from www.annualcreditreport.com). If you find accounts on your credit report that don’t belong to you, then unfortunately damage has already occurred and you will need to go through the tedious process of disputing those items to get them removed. The next step is to begin monitoring your credit for any new activity if you aren’t currently doing this. The easiest way to keep tabs on your credit is by signing up for a credit monitoring service that issues notifications to you when new activity is detected. Although you won’t receive advance warning that identity theft is imminent, you will be in a position to act quickly after it happens. You should also change any passwords that contain information stored by Equifax and now available to the hackers, such as your birthdate. Lastly, you should consider placing a freeze on your credit with the credit bureaus, including TransUnion, Experian, Innovis, and of course Equifax. You will be issued a PIN code that can be used to lift the freeze should you need to apply for credit. This is the most effective means of preventing thieves from opening new accounts using your identity.
You’re probably wondering what Equifax is doing to take responsibility for the situation. Its remedy is to offer free credit monitoring services with TrustedID Premier (operated by Equifax) for a one year period. This essentially entails trusting the company that lost your information to now monitor it. Furthermore, the potential impact from the breach could last well beyond the one year monitoring period, and perhaps for decades, because your information has been irretrievably divulged. Equifax has established a mechanism to purportedly check for “potential impact” to your individual information, found at www.equifaxsecurity2017.com. However, it doesn’t seem possible for Equifax to really know who has been affected and I suspect its test for determining this is less than perfect. I recommend taking measures to monitor and protect your credit regardless of whether Equifax indicates it has been impacted or not.
Thank you for taking the time to read this article. Please keep in mind that it is general information only, which may not be appropriate for your specific situation, and is not intended to constitute legal advice or create an attorney-client relationship. If you have any questions, please feel free to give me a call at 480-344-0981 or email me at tperez@davismiles.com.